Global Db Secret

Set global database secret

One of the fields available for globalConfigurations is databaseSecretName which can point to a secret containing the database password. To set the database secret name and sync the data to all participating clusters, follow the steps below.

To edit other global configruations, see [global configuration]({{< relref "/operate/kubernetes/7.22/active-active/global-config" >}})

1. On an existing participating cluster, generate a YAML file containing the database secret with the database password.

This example shoes a secret named my-db-secret with the password my-password encoded in base 64.

apiVersion: v1
data:
  password: bXktcGFzcw
kind: Secret
metadata:
  name: my-db-secret
type: Opaque

1. Apply the secret file from the previous step, substituting your own value for <db-secret-file>.

   shCopy

   kubectl apply -f <db-secret-file>
   

2. Patch the REAADB custom resource to specify the database secret, substituting your own values for <reaadb-name> and <secret-name>.

   shCopy

   kubectl patch reaadb <reaadb-name> --type merge --patch \
   '{"spec": {"globalConfigurations": {"databaseSecretName": "secret-name"}}}'
   

3. Check the REAADB status for an active status and Valid spec status.

   shCopy

   kubectl get reaadb <reaadb-name>
   
   NAME             STATUS   SPEC STATUS   GLOBAL CONFIGURATIONS REDB   LINKED REDBS
   example-aadb-1   active   Valid
   

4. On each other participating cluster, check the secret status.

   ``sh kubectl get reaadb <reaadb-name> -o=jsonpath='{.status.secretsStatus}'

   Copy

   
   The output should show the status as `Invalid`.
   
   ```sh
   [{"name":"my-db-secret","status":"Invalid"}]
   

5. Sync the secret on each participating cluster.

   shCopy

   kubectl apply -f <db-secret-file>
   

6. Repeat the previous two steps on every participating cluster.